Details of VAR-201806-1449

ID

VAR-201806-1449

CVE

CVE-2018-4246

TITLE

plural Apple Used in products Webkit Vulnerability in arbitrary code execution in components

Trust: 0.8

sources: JVNDB: JVNDB-2018-005811

DESCRIPTION

An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code via a crafted web site that leverages type confusion. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser included with Mac OS X and iOS operating systems. WebKit is one of the web browser engine components. A security vulnerability exists in the WebKit component of several Apple products. The following products and versions are affected: Apple iOS prior to 11.4; Safari prior to 11.1.1; Windows-based iCloud prior to 7.5; Windows-based iTunes prior to 12.7.5; tvOS prior to 11.4; watchOS 4.3. 1 previous version. ------------------------------------------------------------------------ WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0006 ------------------------------------------------------------------------ Date reported : August 07, 2018 Advisory ID : WSA-2018-0006 WebKitGTK+ Advisory URL : https://webkitgtk.org/security/WSA-2018-0006.html WPE WebKit Advisory URL : https://wpewebkit.org/security/WSA-2018-0006.html CVE identifiers : CVE-2018-4246, CVE-2018-4261, CVE-2018-4262, CVE-2018-4263, CVE-2018-4264, CVE-2018-4265, CVE-2018-4266, CVE-2018-4267, CVE-2018-4270, CVE-2018-4271, CVE-2018-4272, CVE-2018-4273, CVE-2018-4278, CVE-2018-4284, CVE-2018-12911. Several vulnerabilities were discovered in WebKitGTK+ and WPE WebKit. Credit to OSS-Fuzz. A type confusion issue was addressed with improved memory handling. Credit to Omair working with Trend Micro's Zero Day Initiative. A memory corruption issue was addressed with improved memory handling. Credit to Mateusz Krzywicki working with Trend Micro's Zero Day Initiative. A memory corruption issue was addressed with improved memory handling. Credit to Arayz working with Trend Micro's Zero Day Initiative. A memory corruption issue was addressed with improved memory handling. Credit to OSS-Fuzz, Yu Zhou and Jundong Xie of Ant-financial Light- Year Security Lab. A memory corruption issue was addressed with improved memory handling. Credit to cc working with Trend Micro's Zero Day Initiative. A memory corruption issue was addressed with improved memory handling. Credit to OSS-Fuzz. A malicious website may be able to cause a denial of service. A race condition was addressed with additional validation. Credit to Arayz of Pangu team working with Trend Micro's Zero Day Initiative. A memory corruption issue was addressed with improved memory handling. Credit to OSS-Fuzz. Processing maliciously crafted web content may lead to an unexpected application crash. A memory corruption issue was addressed with improved memory handling. Credit to OSS-Fuzz. Processing maliciously crafted web content may lead to an unexpected application crash. A memory corruption issue was addressed with improved input validation. Credit to OSS-Fuzz. A memory corruption issue was addressed with improved memory handling. Credit to OSS-Fuzz. Processing maliciously crafted web content may lead to an unexpected application crash. A memory corruption issue was addressed with improved input validation. Credit to Jun Kokatsu (@shhnjk). A malicious website may exfiltrate audio data cross-origin. Sound fetched through audio elements may be exfiltrated cross-origin. This issue was addressed with improved audio taint tracking. Credit to OSS-Fuzz. A type confusion issue was addressed with improved memory handling. Credit to Yu Haiwan. A buffer overflow issue was addressed with improved memory handling. We recommend updating to the latest stable versions of WebKitGTK+ and WPE WebKit. It is the best way to ensure that you are running safe versions of WebKit. Please check our websites for information about the latest stable releases. Further information about WebKitGTK+ and WPE WebKit security advisories can be found at: https://webkitgtk.org/security.html or https://wpewebkit.org/security/. The WebKitGTK+ and WPE WebKit team, August 07, 2018 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-7-23-4 Additional information for APPLE-SA-2018-06-01-6 tvOS 11.4 tvOS 11.4 addresses the following: Bluetooth Available for: Apple TV 4K Impact: An attacker in a privileged network position may be able to intercept Bluetooth traffic Description: An input validation issue existed in Bluetooth. CVE-2018-5383: Lior Neumann and Eli Biham Entry added July 23, 2018 Crash Reporter Available for: Apple TV 4K and Apple TV (4th generation) Impact: An application may be able to gain elevated privileges Description: A memory corruption issue was addressed with improved error handling. CVE-2018-4206: Ian Beer of Google Project Zero FontParser Available for: Apple TV 4K and Apple TV (4th generation) Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved validation. CVE-2018-4211: Proteas of Qihoo 360 Nirvan Team Kernel Available for: Apple TV 4K and Apple TV (4th generation) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A buffer overflow was addressed with improved bounds checking. CVE-2018-4241: Ian Beer of Google Project Zero CVE-2018-4243: Ian Beer of Google Project Zero Kernel Available for: Apple TV 4K and Apple TV (4th generation) Impact: An attacker in a privileged position may be able to perform a denial of service attack Description: A denial of service issue was addressed with improved validation. CVE-2018-4249: Kevin Backhouse of Semmle Ltd. libxpc Available for: Apple TV 4K and Apple TV (4th generation) Impact: An application may be able to gain elevated privileges Description: A logic issue was addressed with improved validation. CVE-2018-4237: Samuel GroA (@5aelo) working with Trend Micro's Zero Day Initiative Messages Available for: Apple TV 4K and Apple TV (4th generation) Impact: A local user may be able to conduct impersonation attacks Description: An injection issue was addressed with improved input validation. CVE-2018-4235: Anurodh Pokharel of Salesforce.com Messages Available for: Apple TV 4K and Apple TV (4th generation) Impact: Processing a maliciously crafted message may lead to a denial of service Description: This issue was addressed with improved message validation. CVE-2018-4240: Sriram (@Sri_Hxor) of PrimeFort Pvt. Ltd Security Available for: Apple TV 4K and Apple TV (4th generation) Impact: A local user may be able to read a persistent device identifier Description: An authorization issue was addressed with improved state management. CVE-2018-4224: Abraham Masri (@cheesecakeufo) Security Available for: Apple TV 4K and Apple TV (4th generation) Impact: A local user may be able to read a persistent account identifier Description: An authorization issue was addressed with improved state management. CVE-2018-4223: Abraham Masri (@cheesecakeufo) UIKit Available for: Apple TV 4K and Apple TV (4th generation) Impact: Processing a maliciously crafted text file may lead to a denial of service Description: A validation issue existed in the handling of text. CVE-2018-4198: Hunter Byrnes WebKit Available for: Apple TV 4K and Apple TV (4th generation) Impact: Visiting a maliciously crafted website may lead to cookies being overwritten Description: A permissions issue existed in the handling of web browser cookies. CVE-2018-4192: Markus Gaasedelen, Nick Burnett, and Patrick Biernat of Ret2 Systems, Inc working with Trend Micro's Zero Day Initiative WebKit Available for: Apple TV 4K and Apple TV (4th generation) Impact: Processing maliciously crafted web content may lead to an unexpected Safari crash Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4204: found by OSS-Fuzz, Richard Zhu (fluorescence) working with Trend Micro's Zero Day Initiative WebKit Available for: Apple TV 4K and Apple TV (4th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A type confusion issue was addressed with improved memory handling. CVE-2018-4200: Ivan Fratric of Google Project Zero WebKit Available for: Apple TV 4K and Apple TV (4th generation) Impact: Visiting a malicious website may lead to address bar spoofing Description: An inconsistent user interface issue was addressed with improved state management. CVE-2018-4188: YoKo Kho (@YoKoAcc) of Mitra Integrasi Informatika, PT WebKit Available for: Apple TV 4K and Apple TV (4th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2018-4201: an anonymous researcher CVE-2018-4218: Natalie Silvanovich of Google Project Zero CVE-2018-4233: Samuel GroA (@5aelo) working with Trend Micro's Zero Day Initiative WebKit Available for: Apple TV 4K and Apple TV (4th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. CVE-2018-4199: Alex Plaskett, Georgi Geshev, Fabi Beterke, and Nils of MWR Labs working with Trend Micro's Zero Day Initiative WebKit Available for: Apple TV 4K and Apple TV (4th generation) Impact: Visiting a maliciously crafted website may leak sensitive data Description: Credentials were unexpectedly sent when fetching CSS mask images. This was addressed by using a CORS-enabled fetch method. CVE-2018-4222: Natalie Silvanovich of Google Project Zero Installation note: Apple TV will periodically check for software updates. Alternatively, you may manually check for software updates by selecting "Settings -> System -> Software Update -> Update Software." To check the current version of software, select "Settings -> General -> About." Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEfcwwPWJ3e0Ig26mf8ecVjteJiCYFAltUsiMACgkQ8ecVjteJ iCYcZBAAusSQ6lM5Qebyc48iNEu/DUrOwUVyN6MNjo0699Xm+kbu+0u/JQNf75jw ZeelK31NLRyRx9BuK7u4J20gi+hsWI7N9wtVkeOaPiE/Ha45uEVaJ6lSSJOIZ3rZ oXb4PiL8+bSukiRgBvFhnxDwGCGefg8udRjtONRlCuMvyZAY09LT6cgZOXSEJEbF ecVmvDAEEwH1hcTV7PJbQ4nCkv97DA8dPVTbUUbtPXCOPYjsClz1JSUubOSDw3d4 7tq4pfs6ZJFZCE8JFJFY+CCIWuE1FppTE7FVJVfFdpAri+prTeGZJppzEjJDZR2g 4lCOyx926Mp5tqZx6WZc1Xkz8LJaZbEWPrfGW4wKMFIC7WPwhyi7y2NqVfcjbubW aOsfQFwbCx9KlfOfUMJtbAaha7TBiDJV5u2PMILL3ct2BRX+LqEUrlrR1uwhF5VZ npPX9cEwMbWRCj7QJC9bmRT1mPYKD+sK5HqBc7Ftp3NYv1hjhEz6iVcF7HYY9T2j aYzvsXaMilihEaDRu4H/0wLX4abUrOtUwFowuehUkNF30cgBrtyWcJl6K6/WaW2C IdmF0IB4T4MRWyPKY2r1A+rBerCaoxb0IBucOP9JO4V1uDrCoHdxEL9LfjXlz/tx CiPvy4EaV2aIDjSfkf75IXtHx2ueIFfdTGVH1OEdX9JoCSqNRPQ= =8ofX -----END PGP SIGNATURE----- . Alternatively, on your watch, select "My Watch > General > About"

Trust: 2.52

sources: NVD: CVE-2018-4246 // JVNDB: JVNDB-2018-005811 // VULHUB: VHN-134277 // VULMON: CVE-2018-4246 // PACKETSTORM: 148017 // PACKETSTORM: 148645 // PACKETSTORM: 148854 // PACKETSTORM: 148644 // PACKETSTORM: 148028 // PACKETSTORM: 148026 // PACKETSTORM: 148027 // PACKETSTORM: 148016

AFFECTED PRODUCTS

vendor:	apple	model:	safari	scope:	lt	version:	11.1.1	Trust: 1.0
vendor:	apple	model:	tvos	scope:	lt	version:	11.4	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	18.04	Trust: 1.0
vendor:	apple	model:	icloud	scope:	lt	version:	7.5	Trust: 1.0
vendor:	apple	model:	itunes	scope:	lt	version:	12.7.5	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	lt	version:	11.4	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	16.04	Trust: 1.0
vendor:	apple	model:	watchos	scope:	lt	version:	4.3.1	Trust: 1.0
vendor:	apple	model:	icloud	scope:	lt	version:	7.5 (windows 7 or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	11.4 (ipad air or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	11.4 (iphone 5s or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	11.4 (ipod touch first 6 generation )	Trust: 0.8
vendor:	apple	model:	itunes	scope:	lt	version:	for windows 12.7.5 (windows 7 or later )	Trust: 0.8
vendor:	apple	model:	safari	scope:	lt	version:	11.1.1 (macos high sierra 10.13.4)	Trust: 0.8
vendor:	apple	model:	safari	scope:	lt	version:	11.1.1 (macos sierra 10.12.6)	Trust: 0.8
vendor:	apple	model:	safari	scope:	lt	version:	11.1.1 (os x el capitan 10.11.6)	Trust: 0.8
vendor:	apple	model:	tvos	scope:	lt	version:	11.4 (apple tv 4k)	Trust: 0.8
vendor:	apple	model:	tvos	scope:	lt	version:	11.4 (apple tv first 4 generation )	Trust: 0.8
vendor:	apple	model:	watchos	scope:	lt	version:	4.3.1 (apple watch all models )	Trust: 0.8
vendor:	apple	model:	itunes	scope:	eq	version:	6.0.5	Trust: 0.6
vendor:	apple	model:	itunes	scope:	eq	version:	10.0.1	Trust: 0.6
vendor:	apple	model:	itunes	scope:	eq	version:	9.0.1	Trust: 0.6
vendor:	apple	model:	itunes	scope:	eq	version:	7.0.0	Trust: 0.6
vendor:	apple	model:	itunes	scope:	eq	version:	10.1.1	Trust: 0.6
vendor:	apple	model:	itunes	scope:	eq	version:	6.0.1	Trust: 0.6
vendor:	apple	model:	itunes	scope:	eq	version:	7.4.0	Trust: 0.6
vendor:	apple	model:	itunes	scope:	eq	version:	6.0.4	Trust: 0.6

sources: JVNDB: JVNDB-2018-005811 // CNNVD: CNNVD-201806-589 // NVD: CVE-2018-4246

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-4246
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-4246
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201806-589
value:	HIGH
Trust: 0.6
VULHUB:	VHN-134277
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2018-4246
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-4246
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-134277
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-4246
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-134277 // VULMON: CVE-2018-4246 // JVNDB: JVNDB-2018-005811 // CNNVD: CNNVD-201806-589 // NVD: CVE-2018-4246

PROBLEMTYPE DATA

problemtype:

CWE-704

Trust: 1.9

sources: VULHUB: VHN-134277 // JVNDB: JVNDB-2018-005811 // NVD: CVE-2018-4246

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201806-589

TYPE

overflow, code execution

Trust: 0.8

sources: PACKETSTORM: 148017 // PACKETSTORM: 148645 // PACKETSTORM: 148854 // PACKETSTORM: 148644 // PACKETSTORM: 148028 // PACKETSTORM: 148026 // PACKETSTORM: 148027 // PACKETSTORM: 148016

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-005811

PATCH

title:	HT208853	url:	https://support.apple.com/en-us/HT208853	Trust: 0.8
title:	HT208854	url:	https://support.apple.com/en-us/HT208854	Trust: 0.8
title:	HT208848	url:	https://support.apple.com/en-us/HT208848	Trust: 0.8
title:	HT208850	url:	https://support.apple.com/en-us/HT208850	Trust: 0.8
title:	HT208851	url:	https://support.apple.com/en-us/HT208851	Trust: 0.8
title:	HT208852	url:	https://support.apple.com/en-us/HT208852	Trust: 0.8
title:	HT208848	url:	https://support.apple.com/ja-jp/HT208848	Trust: 0.8
title:	HT208850	url:	https://support.apple.com/ja-jp/HT208850	Trust: 0.8
title:	HT208851	url:	https://support.apple.com/ja-jp/HT208851	Trust: 0.8
title:	HT208852	url:	https://support.apple.com/ja-jp/HT208852	Trust: 0.8
title:	HT208853	url:	https://support.apple.com/ja-jp/HT208853	Trust: 0.8
title:	HT208854	url:	https://support.apple.com/ja-jp/HT208854	Trust: 0.8
title:	Multiple Apple product WebKit Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=80783	Trust: 0.6
title:	Apple: Safari 11.1.1	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=a694f067de60896ce5475c3b24f85ae2	Trust: 0.1
title:	Apple: iTunes 12.7.5 for Windows	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=427778ba6ddba25910ede3bba3ecff86	Trust: 0.1
title:	Apple: iCloud for Windows 7.5	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=02a7454fe2f6b5665d8cc96d80b7dfc4	Trust: 0.1
title:	Apple: watchOS 4.3.1	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=0f4c2f01c97a0857022a69b5486be838	Trust: 0.1
title:	Ubuntu Security Notice: webkit2gtk vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3743-1	Trust: 0.1
title:	Apple: tvOS 11.4	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=d2d0b1ec71830547fb971d63ee3beadb	Trust: 0.1
title:	Apple: iOS 11.4	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=0f3db097f895347566033494c2dda90b	Trust: 0.1
title:	Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - October 2018	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=2196fa008592287290cbd6678fbe10d4	Trust: 0.1

sources: VULMON: CVE-2018-4246 // JVNDB: JVNDB-2018-005811 // CNNVD: CNNVD-201806-589

EXTERNAL IDS

db:	NVD	id:	CVE-2018-4246	Trust: 3.4
db:	SECTRACK	id:	1041029	Trust: 1.8
db:	JVN	id:	JVNVU98864649	Trust: 0.8
db:	JVNDB	id:	JVNDB-2018-005811	Trust: 0.8
db:	CNNVD	id:	CNNVD-201806-589	Trust: 0.7
db:	VULHUB	id:	VHN-134277	Trust: 0.1
db:	VULMON	id:	CVE-2018-4246	Trust: 0.1
db:	PACKETSTORM	id:	148017	Trust: 0.1
db:	PACKETSTORM	id:	148645	Trust: 0.1
db:	PACKETSTORM	id:	148854	Trust: 0.1
db:	PACKETSTORM	id:	148644	Trust: 0.1
db:	PACKETSTORM	id:	148028	Trust: 0.1
db:	PACKETSTORM	id:	148026	Trust: 0.1
db:	PACKETSTORM	id:	148027	Trust: 0.1
db:	PACKETSTORM	id:	148016	Trust: 0.1

sources: VULHUB: VHN-134277 // VULMON: CVE-2018-4246 // JVNDB: JVNDB-2018-005811 // PACKETSTORM: 148017 // PACKETSTORM: 148645 // PACKETSTORM: 148854 // PACKETSTORM: 148644 // PACKETSTORM: 148028 // PACKETSTORM: 148026 // PACKETSTORM: 148027 // PACKETSTORM: 148016 // CNNVD: CNNVD-201806-589 // NVD: CVE-2018-4246

REFERENCES

url:	https://usn.ubuntu.com/3743-1/	Trust: 1.9
url:	https://support.apple.com/ht208848	Trust: 1.8
url:	https://support.apple.com/ht208850	Trust: 1.8
url:	https://support.apple.com/ht208851	Trust: 1.8
url:	https://support.apple.com/ht208852	Trust: 1.8
url:	https://support.apple.com/ht208853	Trust: 1.8
url:	https://support.apple.com/ht208854	Trust: 1.8
url:	http://www.securitytracker.com/id/1041029	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4246	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4246	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu98864649/index.html	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4233	Trust: 0.7
url:	https://support.apple.com/kb/ht201222	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4214	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4192	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4201	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4222	Trust: 0.7
url:	https://www.apple.com/support/security/pgp/	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4218	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4224	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4190	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4188	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4232	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4199	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4225	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4204	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4200	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4226	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4249	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4235	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4243	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4198	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4240	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4237	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4223	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4206	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4211	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4241	Trust: 0.4
url:	https://support.apple.com/kb/ht204641	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-5383	Trust: 0.2
url:	https://cwe.mitre.org/data/definitions/704.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://support.apple.com/kb/ht208854	Trust: 0.1
url:	https://support.apple.com/ht204283	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4265	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-12911	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4264	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4261	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4263	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4270	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4271	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4262	Trust: 0.1
url:	https://wpewebkit.org/security/.	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4266	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4273	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4284	Trust: 0.1
url:	https://webkitgtk.org/security/wsa-2018-0006.html	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4267	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4272	Trust: 0.1
url:	https://webkitgtk.org/security.html	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4278	Trust: 0.1
url:	https://wpewebkit.org/security/wsa-2018-0006.html	Trust: 0.1
url:	https://www.apple.com/itunes/download/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4247	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4205	Trust: 0.1

CREDITS

Apple

Trust: 0.7

sources: PACKETSTORM: 148017 // PACKETSTORM: 148645 // PACKETSTORM: 148644 // PACKETSTORM: 148028 // PACKETSTORM: 148026 // PACKETSTORM: 148027 // PACKETSTORM: 148016

SOURCES

db:	VULHUB	id:	VHN-134277
db:	VULMON	id:	CVE-2018-4246
db:	JVNDB	id:	JVNDB-2018-005811
db:	PACKETSTORM	id:	148017
db:	PACKETSTORM	id:	148645
db:	PACKETSTORM	id:	148854
db:	PACKETSTORM	id:	148644
db:	PACKETSTORM	id:	148028
db:	PACKETSTORM	id:	148026
db:	PACKETSTORM	id:	148027
db:	PACKETSTORM	id:	148016
db:	CNNVD	id:	CNNVD-201806-589
db:	NVD	id:	CVE-2018-4246

LAST UPDATE DATE

2024-11-23T20:16:11.825000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-134277	date:	2019-03-07T00:00:00
db:	VULMON	id:	CVE-2018-4246	date:	2019-03-07T00:00:00
db:	JVNDB	id:	JVNDB-2018-005811	date:	2018-07-31T00:00:00
db:	CNNVD	id:	CNNVD-201806-589	date:	2019-03-13T00:00:00
db:	NVD	id:	CVE-2018-4246	date:	2024-11-21T04:07:02.873

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-134277	date:	2018-06-08T00:00:00
db:	VULMON	id:	CVE-2018-4246	date:	2018-06-08T00:00:00
db:	JVNDB	id:	JVNDB-2018-005811	date:	2018-07-31T00:00:00
db:	PACKETSTORM	id:	148017	date:	2018-06-04T15:58:18
db:	PACKETSTORM	id:	148645	date:	2018-07-23T15:22:22
db:	PACKETSTORM	id:	148854	date:	2018-08-07T20:22:22
db:	PACKETSTORM	id:	148644	date:	2018-07-23T14:04:44
db:	PACKETSTORM	id:	148028	date:	2018-06-04T16:10:27
db:	PACKETSTORM	id:	148026	date:	2018-06-04T16:09:27
db:	PACKETSTORM	id:	148027	date:	2018-06-04T16:10:01
db:	PACKETSTORM	id:	148016	date:	2018-06-04T15:57:32
db:	CNNVD	id:	CNNVD-201806-589	date:	2018-06-11T00:00:00
db:	NVD	id:	CVE-2018-4246	date:	2018-06-08T18:29:02.633